AzSK- App Service - Many control IDs should be specific for an app service (Microsoft.Web/sites) #351

Open
rai-m opened this issue Aug 17, 2020 · 0 comments

rai-m commented Aug 17, 2020

I am using AzSK ARM Template Checker to define controls on the ARM templates that are created for building discrete components in Azure.

The AzSK ARM Template Checker expects that the App Service Plan and the App Service are deployed with a single template, and hence extends certain App Service controls to Microsoft.Web/serverFarms which otherwise are specific for app services. This is a challenge when you want to validate independent resources (say an app service plan alone).

Example App Service specific ControlIDs that should NOT extend to Microsoft.Web/serverFarms:

  • Azure_AppService_Config_Disable_Remote_Debugging
  • Azure_AppService_Config_Disable_Web_Sockets
  • Azure_AppService_BCDR_Use_AlwaysOn
  • Azure_AppService_Deploy_Use_Latest_Version
  • Azure_AppService_Audit_Enable_Logging_and_Monitoring
  • Azure_AppService_DP_Dont_Allow_HTTP_Access
  • Azure_AppService_AuthN_Use_AAD_for_Client_AuthN
  • Azure_AppService_AuthN_Use_Managed_Service_Identity
  • Azure_AppService_DP_Use_Secure_TLS_Version

Here is my simple App Service Plan resource in the template:

    {
      "name": "[parameters('name')]",
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2020-06-01",
      "location": "[parameters('location')]",
      "tags": "[parameters('tags')]",
      "properties": {
        "reserved": false
      },
      "sku": {
        "name": "[parameters('skuCode')]",
        "tier": "[parameters('sku')]",
        "capacity": "[parameters('skuCapacity')]"
      }
    }
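
The scoping requested above can be approximated as a post-filter over checker results. This is an added example, not code from the issue author or from AzSK. The finding record shape (`ControlId`, `ResourceName`), the control ID `Example_Plan_Level_Control`, and the choice to keep child resources of a site in scope are assumptions made for illustration.

```python
import json

# Control IDs the issue lists as specific to Microsoft.Web/sites.
SITES_ONLY = {
    "Azure_AppService_Config_Disable_Remote_Debugging",
    "Azure_AppService_Config_Disable_Web_Sockets",
    "Azure_AppService_BCDR_Use_AlwaysOn",
    "Azure_AppService_Deploy_Use_Latest_Version",
    "Azure_AppService_Audit_Enable_Logging_and_Monitoring",
    "Azure_AppService_DP_Dont_Allow_HTTP_Access",
    "Azure_AppService_AuthN_Use_AAD_for_Client_AuthN",
    "Azure_AppService_AuthN_Use_Managed_Service_Identity",
    "Azure_AppService_DP_Use_Secure_TLS_Version",
}
SITE_TYPE = "microsoft.web/sites"  # compared lower-case: ARM types are case-insensitive


def resource_types(resources, parent=""):
    """Map resource name -> lower-cased full type, walking nested child resources."""
    found = {}
    for res in resources:
        # A nested child declares only its last type segment; prefix the parent's type.
        full = f"{parent}/{res['type']}" if parent else res["type"]
        found[res["name"]] = full.lower()
        found.update(resource_types(res.get("resources", []), full))
    return found


def triage(template, findings):
    """Split findings into (keep, out_of_scope) using the template's resource types."""
    types = resource_types(template.get("resources", []))
    keep, out_of_scope = [], []
    for f in findings:
        rtype = types.get(f["ResourceName"])
        # Unknown resources stay in scope so a real finding is never silently dropped.
        # Assumption: child resources of a site (config, slots) count as site scope.
        in_site = rtype is None or rtype == SITE_TYPE or rtype.startswith(SITE_TYPE + "/")
        (keep if in_site or f["ControlId"] not in SITES_ONLY else out_of_scope).append(f)
    return keep, out_of_scope


# Constructed sample: the plan-only resource from the issue, trimmed to the fields used here.
PLAN_TEMPLATE = json.loads("""{"resources": [
  {"name": "[parameters('name')]", "type": "Microsoft.Web/serverfarms",
   "apiVersion": "2020-06-01", "properties": {"reserved": false}}]}""")
# Constructed findings (hypothetical record shape; the second control ID is a placeholder).
FINDINGS = [
    {"ControlId": "Azure_AppService_DP_Use_Secure_TLS_Version", "ResourceName": "[parameters('name')]"},
    {"ControlId": "Example_Plan_Level_Control", "ResourceName": "[parameters('name')]"},
]
```

Calling `triage(PLAN_TEMPLATE, FINDINGS)` separates the site-only control raised against the standalone plan from the findings that still need review.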